As the nation begins its pilots of pioneer Accountable Care Organizations and shares more data for care coordination and population management, IT departments will be asked to make clinical records available to increasing numbers of loosely affiliated clinicians and staff.
The challenge will be managing the authentication and authorization of a diverse population of legitimate users.
BIDMC stakeholders met this week to discuss best practices for managing distributed authentication while protecting privacy. We suggested three approaches:
1. Use well defined rules to approve new accounts for external organizations in addition to implementing robust audit systems for monitoring account use
As clinical relationships become increasingly complex, it is no longer sufficient to use staff/credentialing privileges as the gating factor for creating accounts with clinical access rights. Organizational legal relationships (agreements signed between entire organizations), chain of command sponsorship (MD leadership at an organization requests access for appropriate clinicians), and patient referral patterns (coordination of care requires specific team member access) are all valid reasons for authorizing users. Since management of accounts across organizations is challenging, it is important to review audit trails via automated and manual methods, enforcing minimal need to know and appropriate clinical data use policies. We already use a variation of this approach for those external clinicians caring for BIDMC patients who need access to our read-only web-based provider portal.
2. Federated authentication
Although one organization can issue credentials to employees of affiliates, it is challenging to monitor changes in the status of users at outside organizations. What if a clinician's role changes or they leave? If one organization trusts the credentials of another organization, a federated approach can provide more timely oversight of access rights. At Beth Israel Deaconess, we've created a technology that enables EHRs at outside organizations to access records of patients shared in common with BIDMC - the "magic button". A trusted associated organization manages clinical access to its own systems, and then grants those authorized users rights to BIDMC records for only those patients registered at the local site and BIDMC. Although comprehensive legal agreements to enable this approach take time to create, the benefit is better account oversight when roles change at outside organizations.
3. State HIE trust fabric